Abstract
Research problem
This study drew upon legitimacy theory to explore how breached firms in the United States legitimize their existence by communicating future performance prospects to the public.
Motivation
Cybersecurity incidents present significant challenges to organizational legitimacy. Despite this, there is a limited understanding of how firms navigate such legitimacy gaps through accounting disclosures, particularly in relation to communicating future performance prospects.
Theoretical reasoning
Legitimacy theory posits that firms operate within society based on an implicit social contract, requiring socially desirable actions. Data breaches violate this contract, creating a legitimacy gap. To maintain legitimacy, firms are motivated to align with societal expectations by enhancing public disclosures of future performance prospects.
Test hypothesis
We hypothesized that U.S. firms use forward-looking performance disclosure (FLPD) as a legitimizing strategy following data breaches. This study evaluated two key forms of FLPD: management earnings forecasts and forward-looking narratives in the MD&A.
Adopted methodology
A difference-in-differences research design was employed, comparing breached firms with propensity-score-matched control firms in the United States.
Analyses
The analysis examined changes in FLPD before and after data breaches, validating results through parallel trend assessments, placebo tests, robustness checks, and breach-specific variations. Channels through which data breaches influence FLPD were also identified. Additional analyses addressed disclosure content, quality, and the role of proprietary costs.
Findings
Breached firms address legitimacy gaps by increasing forward-looking narratives in the MD&A without altering management earnings forecasts. Events causing greater legitimacy gaps — such as client information leaks, recurring breaches, or post–data breach notification laws — are associated with more forward-looking narratives. The influence of breaches on FLPD stems from external legitimacy pressures and internal perceptions of societal expectations. Moreover, forecast precision and narrative readability decrease slightly postbreach, with some forecast-like elements integrated into narratives. Proprietary disclosure costs constrain FLPD for some firms. Overall, FLPD serves as a strategic tool to address legitimacy concerns following data breaches.
| Original language | English |
|---|---|
| Article number | 2542003 |
| Journal | The International Journal of Accounting |
| Number of pages | 50 |
| ISSN | 1094-4060 |
| Publication status | Published - 4 Jun 2025 |
Bibliographical note
Epub ahead of print. Published online: 04 June 2025.
Keywords
- Data breaches
- Cybersecurity
- Organizational legitimacy
- Forward-looking narratives
- Management earnings forecasts